undefined | Better HN

0 pointsianopolous2y ago0 comments

How do you handle the SHA1 breaks in an untrusted p2p setting?

0 comments

If you mean collision attacks, this shouldn't be a problem with Git, since it uses Hardened SHA-1. Eventually, when Git fully migrates to SHA-2, we will offer that option as well.

> Is Hardened SHA-1 vulnerable?

> No, SHA-1 hardened with counter-cryptanalysis (see ‘how do I detect the attack’) will detect cryptanalytic collision attacks. In that case it adjusts the SHA-1 computation to result in a safe hash. This means that it will compute the regular SHA-1 hash for files without a collision attack, but produce a special hash for files with a collision attack, where both files will have a different unpredictable hash.

From https://shattered.io/

ianopolousOP2y ago

So you use hardened sha1 in radicle? It would be great to see this in the docs.

cloudhead2y ago

Everything that is replicated on the network is stored as a Git object, using the libgit2[0] library. This library uses hardened SHA-1 internally, which is called sha1dc (for "detect collision"). Will add to the docs, good idea!

[0]: https://github.com/libgit2/libgit2/blob/ac0f2245510f6c75db1b...

j / k navigate · click thread line to collapse

0 comments

cloudhead2y ago

If you mean collision attacks, this shouldn't be a problem with Git, since it uses Hardened SHA-1. Eventually, when Git fully migrates to SHA-2, we will offer that option as well.

> Is Hardened SHA-1 vulnerable?

From https://shattered.io/

ianopolousOP2y ago

So you use hardened sha1 in radicle? It would be great to see this in the docs.

cloudhead2y ago

[0]: https://github.com/libgit2/libgit2/blob/ac0f2245510f6c75db1b...

j / k navigate · click thread line to collapse